Cyber security: key challenge and responsibility for investment banks
Cyber threats are a modern-day peril of the digital age. By the very nature of their business, investment banks possess vast quantities of highly sensitive information. When such information is compromised, the consequences, in terms of reputational damage and monetary losses, could be significant. By adopting an active cyber security strategy, a sound organizational structure and new technology, investment banks can begin to address concerns and devote more resources to growth-oriented activities.
Traditionally, investment banks are highly aware of the importance of safeguarding customer and transaction data, and have taken all the steps necessary to do so. In the current environment, investment banks may be dealing with forces that cannot be addressed exclusively by internal resources.
Thus, cyber security becomes not only a major challenge for investment banks, but also a key responsibility. They need to consider:
- The organizational structure and reporting arrangements for cyber security operations
- The experience and expertise of the chief information security officer (CISO) and the need to balance industry knowledge against “street smarts” as they pertain to cyber issues
- Safeguarding data in a networked environment, which may encompass cloud data storage and the provision of services via the cloud
- Creating a culture that is both security conscious and aware of the financial and reputational consequences of data breaches
A pervasive concern
Cyber security is a widespread and pressing concern for most executives. A worldwide survey of almost 900 executives found that more than two-thirds of respondents believe the likelihood of a cyber attack to be “very” or “extremely” high. For investment banks, effective cyber security begins at the top, with the board of directors and senior management. Firms need a structure that recognizes the business issues connected to cyber security, while providing the expertise needed to deal with specific and ever-changing threats.
Securing the edge
New technologies are opening new horizons for investment banks and their clients. Mobile phones and tablets now serve as effective platforms for many activities. However, the functionality of such devices has often outpaced the ability of investment banks and other financial services to protect customers’ privacy and prevent unauthorized access to their accounts.
Adopting new technologies
Some players have begun exploring promising new technologies to identify and prevent cyber incursions. Some investment banks are piloting voice biometrics for added security and a better customer experience during telephone transactions. Others are exploring new authentication methods, such as social log-ins and risk or content-based identification. Investment banks can benefit from important features of new security technologies, including the ability to identify anomalies in network traffic, prioritize threats and provide advance warnings of possible breaches.
The “big-picture” approach
Investment banks can benefit from applying several “big-picture” principles to cyber security. In addition to a “top-down” view starting with the board and senior management, these include:
- A proactive stance: Reactive cyber defense is no longer sufficient to maintain an effective security program and regulatory compliance.
- A broad view of risk management: Cyber risk should be considered alongside traditional enterprise risks to more effectively inform risk management decision making.
- A willingness to collaborate: Investment banks’ internal cyber security teams may have been capable of dealing with yesterday’s threats.
- Attention to the human factor: Many breaches occur because of human error, negligence or failure to follow security protocols. Investment banks should encourage proper procedures and assign responsibility when individuals are at fault.
Enable secure, autonomous devices at the edge.
As edge devices such as sensors and smart meters increase and become more autonomous, security should encompass the potential risks to those devices, such as physical tampering, data integrity and unauthorized access. Understand and proactively address the security implications of decisions being made at the edge.
Make data-driven decisions at internet of things (IOT) scale.
Increasingly large amounts of data are being collected, processed and analyzed by organizations. Establish end-to-end security on data. Develop and maintain a data assurance program as the center of your IOT strategy. Build a data assurance program that directly ties to the business model.
Secure volume, variety and velocity of big data.
The exponential growth of big data is straining traditional database management systems. In moving to big-data platforms, apply the principles of information security across all aspects of data collection and management.
Maximize protection across digital ecosystem platforms.
Digital industry and cross-industry ecosystems and platforms are developing to support the IOT. Combine operational and security information across the enterprise to help businesses respond effectively to the rapidly changing cyber landscape.
Build customer trust in a digital economy.
Successful digital enterprises will establish and maintain customer trust based on how they collect and protect their data. Be vigilant with security and privacy practices so as not to compromise customers’ experiences or lose their trust.